Transcription

Slide 2: Radio Frequency IDentification
- All RFID tags are essentially radio transponders with memory.
- Can be either passive (no power) or use reflective power (modulated backscatter) with a battery.
- Two components: IC and antenna.

Slide 4: RFID Errata
- Smallest tag is 150 x 150 x 7.5 microns.
- Can store 38-digit numbers using 128-bit ROM.
- Initiative to reduce per-tag price to 5 cents, or about a nickel.
- Typical frequencies are , , 13.56, and MHz.
- Optical RFID uses 333 THz. It also can't be read without line of sight, which makes it slightly less vulnerable.
- Image courtesy of

Slide 5: Security Issues
- RFID manufacturers love security through obscurity.
- Many RFID tags send and receive data in clear text, leaving them open to man-in-the-middle attacks (more later).
- The cost of reconstructing the cipher from the hardware implementation is lower than manufacturers think.

Slide 7: MIFARE Cipher
- Uses a 48-bit symmetric stream cipher. This is already crackable: remember how easy it was to crack 56-bit DES.
- Data is divided into two sections with different access rights and correspondingly different keys.
- To ease key distribution, different tags in a system frequently share the same read key, leaving the system open to impersonation.

Slide 8: Physical Reverse Engineering
- Step 1: Dissolve the card in acetone to get access to the chip.
- Step 1.5: Embed the chip in a medium to limit tilting.
- Step 2: Polish off micrometer-thin layers of the chip using 0.04 µm sandpaper or polishing solution.
- Step 3: Image all 6 layers (transistors are on the bottom). Some tilting is unavoidable; use a tool to average several images.

Slide 9: Physical Reverse Engineering
- Step 4: There are several thousand logic gates on the chip, but only about 70 types. Identify these gate types.
- Step 5: Use MATLAB image processing to automatically identify the gates given the templates you've identified. Use normalized cross-correlation to overcome the variation in color/brightness across your chip images. This takes under 10 minutes for the entire chip.
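Normalized cross-correlation is what lets template matching tolerate the brightness and contrast differences between regions of a chip image: it subtracts each window's mean and divides by its standard deviation, so a template and an affinely re-lit copy of it score 1.0. The following is an added example, not code from the original deck or from Nohl et al.: a pure-Python NCC matcher run over a constructed synthetic "chip image" in which a 3x3 gate motif is stamped at three known positions, each with its own brightness offset and contrast scale. The motif, the image size and the placement list are all constructed for the demonstration.

```python
"""Template matching by normalized cross-correlation (NCC), pure Python.

Added example; not code from the original slides or from Nohl et al.
The 'chip image' is synthetic: a constructed 3x3 gate motif is stamped at
known positions with different brightness (offset) and contrast (scale),
standing in for uneven lighting across real micrographs.
"""
from math import sqrt

def ncc(patch, template):
    """NCC of two equally sized 2-D lists, in [-1, 1]. A score of 1 means the
    patch equals the template up to an offset and a positive scale factor."""
    n = len(patch) * len(patch[0])
    pf = [v for row in patch for v in row]
    tf = [v for row in template for v in row]
    pm, tm = sum(pf) / n, sum(tf) / n
    num = sum((p - pm) * (t - tm) for p, t in zip(pf, tf))
    den = sqrt(sum((p - pm) ** 2 for p in pf) * sum((t - tm) ** 2 for t in tf))
    return 0.0 if den == 0 else num / den      # flat patches score 0, not NaN

def match_template(image, template, threshold=0.95):
    """Slide the template over the image and return (row, col, score) for
    every window whose NCC score reaches the threshold."""
    th, tw = len(template), len(template[0])
    ih, iw = len(image), len(image[0])
    hits = []
    for r in range(ih - th + 1):
        for c in range(iw - tw + 1):
            patch = [row[c:c + tw] for row in image[r:r + th]]
            score = ncc(patch, template)
            if score >= threshold:
                hits.append((r, c, round(score, 3)))
    return hits

# Constructed gate motif: a bright L shape (9) on a dark interior (1).
GATE = [
    [9, 9, 9],
    [9, 1, 1],
    [9, 1, 1],
]

def build_image(placements, height=10, width=12):
    """Construct a dark image and stamp the motif at each (row, col, offset,
    scale); offset and scale mimic per-region brightness/contrast changes."""
    img = [[0] * width for _ in range(height)]
    for r0, c0, offset, scale in placements:
        for dr in range(3):
            for dc in range(3):
                img[r0 + dr][c0 + dc] = offset + scale * GATE[dr][dc]
    return img

# Three gates: one as-is, one 20 levels brighter, one 5 brighter and 3x contrast.
PLACEMENTS = [(1, 1, 0, 1), (1, 7, 20, 1), (6, 3, 5, 3)]

def find_gates():
    """Return the (row, col) positions where the gate motif was detected."""
    image = build_image(PLACEMENTS)
    return [(r, c) for r, c, _ in match_template(image, GATE)]

if __name__ == "__main__":
    print(find_gates())   # [(1, 1), (1, 7), (6, 3)]
```

All three stamped copies are found at exactly their stamped positions despite the different offsets and scales, while partial overlaps with a gate score well below the threshold; plain (un-normalized) correlation would instead rank the brightest region highest whether or not a gate is there.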

Slide 10: Physical Reverse Engineering
Image from Nohl et al., 2008

Slide 11: Physical Reverse Engineering
- Now that you know how the gates are laid out, you can find the cryptographic area of the chip by looking for a 48+ bit register and a set of XOR gates.
- The RNG is an area with output but no input.
- Examine the area by hand, but don't overdo it: you can fill holes in your knowledge by analyzing the protocol.

Slide 12: Protocol Analysis
- Use the OpenPCD open-source RFID reader to poke the chip. This lets you control timing, which is important for discovering vulnerabilities.
- First test: are the key and the (known) tag ID shifted together sequentially? They tried shifted combinations and found many worked.
- This also told them the structure of the 48-bit linear shift register that holds the cipher: an entirely deterministic register that just cycles through a set of values by XOR-ing.

Slide 13: Protocol Analysis
- The cipher contains no non-linearity. This means everything is easy to derive once you know something.
- Recap: the authentication protocol takes a shared secret key and the unique tag ID as input and uses them to establish a shared session key for the stream cipher.
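The claim on the slide, that a cipher with no non-linearity gives everything away once you know something, can be made concrete with a toy. The following is an added example, not code from the original deck, from Nohl et al. or from the MIFARE chip: a 48-bit Fibonacci LFSR whose feedback taps (`TAPS`) and linear output taps (`OUT_TAPS`) are arbitrary choices for the illustration. Because every operation in the generator is XOR, each keystream bit is an XOR of a fixed subset of key bits; a symbolic run of the generator records that subset as a bitmask, 48 captured keystream bits then give 48 linear equations over GF(2), and Gauss-Jordan elimination returns the key. The method is general for any linear generator and any linear output function; the only design that defeats it is the non-linear output the later slides recommend.

```python
"""A purely linear keystream generator falls to linear algebra.

Added example; not code from the original slides, from Nohl et al. or from
the MIFARE cipher. TAPS and OUT_TAPS are arbitrary toy choices (assumptions).
"""

N = 48                          # register / key size in bits
TAPS = (0, 5, 11, 18, 27, 34)   # feedback taps of the toy register (assumption)
OUT_TAPS = (0, 1)               # linear output function: XOR of these cells (assumption)

def _step_bits(state):
    """One clock of the concrete register: shift right, feed the XOR of the
    tapped cells in at the top."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> t) & 1
    return (state >> 1) | (fb << (N - 1))

def keystream(key, nbits, offset=0):
    """Run the toy generator from 'key' and return 'nbits' output bits,
    taken after 'offset' warm-up clocks (the part an observer captured)."""
    state, out = key & ((1 << N) - 1), []
    for clk in range(offset + nbits):
        if clk >= offset:
            z = 0
            for o in OUT_TAPS:
                z ^= (state >> o) & 1
            out.append(z)
        state = _step_bits(state)
    return out

def keystream_masks(nbits, offset=0):
    """Symbolic run of the same generator: each cell holds a bitmask naming
    the key bits it is the XOR of. Since every operation is XOR, the masks
    are exact whatever the key is."""
    state = [1 << i for i in range(N)]   # cell i starts out as key bit i
    masks = []
    for clk in range(offset + nbits):
        if clk >= offset:
            m = 0
            for o in OUT_TAPS:
                m ^= state[o]
            masks.append(m)
        fb = 0
        for t in TAPS:
            fb ^= state[t]
        state = state[1:] + [fb]
    return masks

def solve_gf2(equations, nbits):
    """Gauss-Jordan elimination over GF(2). equations: (mask, rhs) pairs
    meaning 'XOR of the key bits in mask == rhs'. Returns the key as an int,
    or None if the equations do not determine all nbits unknowns."""
    pivots = []                                  # (pivot_bit, mask, rhs), reduced
    for mask, rhs in equations:
        for pb, pm, pr in pivots:                # clear existing pivot columns
            if (mask >> pb) & 1:
                mask, rhs = mask ^ pm, rhs ^ pr
        if mask == 0:
            if rhs:
                raise ValueError("inconsistent keystream")
            continue
        pb = mask.bit_length() - 1
        reduced = []
        for qb, qm, qr in pivots:                # back-substitute into earlier rows
            if (qm >> pb) & 1:
                qm, qr = qm ^ mask, qr ^ rhs
            reduced.append((qb, qm, qr))
        pivots = reduced + [(pb, mask, rhs)]
    if len(pivots) < nbits:
        return None
    key = 0
    for pb, _, pr in pivots:                     # each row is now a single key bit
        if pr:
            key |= 1 << pb
    return key

def recover_key(observed_bits, offset=0):
    """Set up one equation per observed keystream bit and solve for the key."""
    masks = keystream_masks(len(observed_bits), offset)
    return solve_gf2(list(zip(masks, observed_bits)), N)

if __name__ == "__main__":
    SECRET = 0x5A3C9E17B2D4                         # constructed 48-bit demo key
    captured = keystream(SECRET, N, offset=64)      # 48 bits seen mid-stream
    print(hex(recover_key(captured, offset=64)))    # 0x5a3c9e17b2d4
```

With these taps the 48 equations are independent, so 48 bits of keystream suffice no matter where in the stream they were captured; the elimination runs in microseconds, which is the point of the slide: the 2^48 key space is irrelevant when the generator is linear.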

Slide 14: Random Number Generation
- Random numbers are generated by a 16-bit linear feedback shift register initialized to a constant value.
- This means that the random number is purely a function of the amount of time the tag has been powered up!
- The number is also very short. Even if you can't control the timing, there are only 65,535 possibilities.

Slide 15: Vulnerabilities
- The key is small enough to brute force: about 50 minutes on 64 FPGAs.
- Since you control the random numbers and know the shifting patterns, you can create a codebook of recorded authentication outputs and the corresponding keys.
- Rainbow tables let you trade computation for space and store information for all keys.
- Each session key/ID pair has exactly one corresponding secret key and all shifts are linear: thus, if you compute the codebook for one secret key, you can use it anywhere...

Slide 16: Summary
- Attacker scans the public RFID ID.
- Uses a reader to record just two timed challenge-response interactions with the card.
- Uses the codebook to compute the key.
- Reads all data on the card in the clear. Game over.

Slide 17: Fixing MIFARE Classic
- Better RNG: exploit the fact that memory cells are initially random. Start the cipher area in a random state and evolve it using the feedback loop until the random number is needed. This also saves space, since you don't need a separate RNG: use the space to make a bigger cipher.
- Break the key-ID mapping by using non-linear feedback on one of the two for the register shift.
- Make the output function non-linear to protect against statistical attacks.
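Slide 14's weak nonce generator and slide 17's fix side by side, as an added example that is not code from the original deck, from Nohl et al. or from NXP/MIFARE. The weak half is a 16-bit LFSR started from a constant, which makes the nonce a function of power-up time alone and bounds it to 65,535 values; the fixed half starts a larger register from a random power-up state and squeezes the nonce out through a non-linear filter. The LFSR taps (16, 14, 13, 11), the constant `WEAK_SEED`, the 48-bit feedback taps and the filter function are illustrative choices for this demonstration, not the real chip's circuit, and `secrets.randbits()` stands in for the physically random contents of uninitialised SRAM cells.

```python
"""Nonce generation: constant-seeded 16-bit LFSR versus the slide's fix.

Added example, not code from the original slides, from Nohl et al. or from
NXP/MIFARE. Taps, seed and filter are illustrative choices (assumptions).
"""
import secrets

# ---- Weak design (slide 14): 16-bit LFSR started from a constant ------------
WEAK_SEED = 0xACE1   # constructed constant; any fixed value has the same flaw

def lfsr16_step(s):
    """Fibonacci LFSR for x^16 + x^14 + x^13 + x^11 + 1, a maximal-length
    polynomial: the register visits all 65535 non-zero states before repeating."""
    bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1
    return (s >> 1) | (bit << 15)

def weak_nonce(clocks_since_powerup):
    """Nonce = register contents after the given number of clock ticks.
    Every tag starts from the same constant, so the nonce depends on
    power-up time and nothing else."""
    s = WEAK_SEED
    for _ in range(clocks_since_powerup):
        s = lfsr16_step(s)
    return s

def lfsr16_period(start=WEAK_SEED):
    """Count clock ticks until the register returns to 'start'."""
    s, n = lfsr16_step(start), 1
    while s != start:
        s, n = lfsr16_step(s), n + 1
    return n

# ---- Fix (slide 17): random start state, bigger register, non-linear output --
STRONG_TAPS = (0, 5, 11, 18, 27, 34, 47)   # 48-bit feedback taps (assumption)

def sram_powerup_state():
    """Stand-in for reading uninitialised SRAM cells, whose power-up contents
    are physically random on a real chip; secrets.randbits() plays that role."""
    return secrets.randbits(48) or 1          # never the all-zero lock-up state

def lfsr48_step(s):
    """One clock of the 48-bit register."""
    fb = 0
    for t in STRONG_TAPS:
        fb ^= (s >> t) & 1
    return (s >> 1) | (fb << 47)

def nonlinear_filter(s):
    """Output bit that is not an XOR of register cells: the AND terms remove
    the linear relation between register and output."""
    b = lambda i: (s >> i) & 1
    return (b(0) & b(7)) ^ b(19) ^ (b(31) & b(40)) ^ (b(2) & b(23) & b(44))

def strong_nonce(start_state, clocks):
    """Evolve the register from a random start state for 'clocks' ticks,
    then emit 16 nonce bits through the non-linear filter."""
    s = start_state
    for _ in range(clocks):
        s = lfsr48_step(s)
    nonce = 0
    for _ in range(16):
        nonce = (nonce << 1) | nonlinear_filter(s)
        s = lfsr48_step(s)
    return nonce

def nonce_fixed_by_timing(nonce_fn, clocks, trials=5):
    """Defender's check: power up several fresh tags for the same number of
    clocks. True means timing alone determined every nonce."""
    return len({nonce_fn(clocks) for _ in range(trials)}) == 1

if __name__ == "__main__":
    print("period:", lfsr16_period())                           # 65535
    print("weak:", nonce_fixed_by_timing(weak_nonce, 1000))     # True
    print("fixed:", nonce_fixed_by_timing(
        lambda c: strong_nonce(sram_powerup_state(), c), 1000))  # False
```

`nonce_fixed_by_timing` is the check to run against any candidate generator: the weak design returns the same nonce for every "tag" given the same clock count, while the fixed one differs per power-up even with identical timing. Using the register itself as the entropy pool also removes the separate RNG block, which is the space saving the slide mentions.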

Slide 18: General Defense
- Don't rely on secrets! Use something like 3-DES and implement it properly.
- Use fraud detection to detect unusual access patterns. (Even worse for privacy than straight RFID.)
- Obfuscate at least the cipher part of your physical circuit design.
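Two of the unusual access patterns that fraud detection on the back end can catch, regardless of how weak the card's cipher is, are the same credential being accepted at two readers faster than anyone could walk between them (a cloned or relayed card) and a burst of rejected credentials at one reader (someone probing it). The following is an added example, not code from the original deck or from any access-control product: a detector run over a constructed access log. The log lines, the reader names, the minimum travel times between readers and the burst thresholds are all constructed for the demonstration.

```python
"""Back-end fraud detection over an access-control log.

Added example; not code from the original slides or from any product.
The log, reader names, travel-time table and thresholds are constructed.
"""
from datetime import datetime, timedelta

# Constructed sample log: ISO-8601 time, reader id, card UID, result.
LOG = """\
2024-03-01T08:00:05 gate-A 04A1B2C3 OK
2024-03-01T08:00:40 gate-A 0411FF02 OK
2024-03-01T08:01:10 gate-C 04A1B2C3 OK
2024-03-01T08:02:00 gate-B 0411FF02 DENIED
2024-03-01T08:02:03 gate-B 0411FF03 DENIED
2024-03-01T08:02:05 gate-B 0411FF04 DENIED
2024-03-01T08:02:08 gate-B 0411FF05 DENIED
2024-03-01T08:02:10 gate-B 0411FF06 DENIED
2024-03-01T09:30:00 gate-C 0411FF02 OK
"""

# Minimum plausible walking time between reader pairs (constructed site data).
MIN_TRAVEL = {
    frozenset({"gate-A", "gate-C"}): timedelta(minutes=5),
    frozenset({"gate-A", "gate-B"}): timedelta(minutes=1),
    frozenset({"gate-B", "gate-C"}): timedelta(minutes=3),
}

def parse(log):
    """Turn log text into (time, reader, uid, result) tuples."""
    events = []
    for line in log.splitlines():
        ts, reader, uid, result = line.split()
        events.append((datetime.fromisoformat(ts), reader, uid, result))
    return events

def impossible_travel(events):
    """Same UID accepted at two different readers sooner than the minimum
    travel time between them: a cloned or relayed credential."""
    alerts, last = [], {}             # last: uid -> (time, reader) of last OK
    for ts, reader, uid, result in sorted(events):
        if result != "OK":
            continue
        if uid in last:
            pt, pr = last[uid]
            limit = MIN_TRAVEL.get(frozenset({pr, reader}), timedelta(0))
            if pr != reader and ts - pt < limit:
                alerts.append(("impossible-travel", uid, pr, reader))
        last[uid] = (ts, reader)
    return alerts

def denied_burst(events, window=timedelta(seconds=30), threshold=5):
    """At least 'threshold' distinct UIDs denied on one reader inside
    'window': the reader is being probed."""
    alerts, by_reader = [], {}
    for ts, reader, uid, result in sorted(events):
        if result != "DENIED":
            continue
        recent = by_reader.setdefault(reader, [])
        recent.append((ts, uid))
        recent[:] = [(t, u) for t, u in recent if ts - t <= window]
        if len({u for _, u in recent}) >= threshold:
            alerts.append(("denied-burst", reader, len(recent)))
            recent.clear()            # one alert per burst
    return alerts

def analyse(log=LOG):
    """Run both detectors and return their alerts in order."""
    events = parse(log)
    return impossible_travel(events) + denied_burst(events)

if __name__ == "__main__":
    for alert in analyse():
        print(alert)
```

On the sample log the first detector flags UID 04A1B2C3, accepted at gate-A and 65 seconds later at gate-C although the two are five minutes apart, and the second flags gate-B after five different UIDs are refused within ten seconds; UID 0411FF02 reaching gate-C ninety minutes after gate-A is left alone. Both checks work on the reader log alone, which is why the slide recommends them even where the card technology cannot be replaced.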

Slide 19: Just in case you feel safe...
- Many large companies don't bother with encryption at all.
- For access passes, you can just grab and replicate the authentication code from a legitimate RFID: this is known as a relay attack.
- Passport cards and driver's licenses can be easily cloned, as well as having their data stolen.
- You can download apps off the Internet to back up any actual modern US passport.
